[Samba] samba, ads, winbind and active directory
Jason Gerfen
jason.gerfen at scl.utah.edu
Wed May 28 12:43:56 GMT 2008
That is correct. Some more information so that I might receive some help
with this.
I can perform the following commands without problem:
wbinfo -t
wbinfo -m
wbinfo -g
wbinfo -u
wbinfo --krb5auth=user%password
I am not able to do the following:
getent group
getent passwd
net use x: \\valhalla\test /user:user (from a windows machine)
Anyone know what I am doing wrong or could perhaps provide some more
insight? I am definitely seeing somethings in the logs that I am unsure
of how to fix. Any help, pointers etc are appreciated.
Some log data:
[log.winbindd-idmap]
[2008/05/27 14:20:18, 10] nsswitch/idmap_util.c:idmap_sid_to_uid(125)
sid [S-1-5-21-2868754479-89028146-2101856903-88475] not mapped to an
uid [2,1,2885498664]
Contents of my smb.conf
[global]
workgroup = scl
realm = SCL.UTAH.EDU
server string = valhalla.scl.utah.edu
netbios name = valhalla
password server = *
encrypt passwords = true
security = ads
os level = 20
allow trusted domains = no
auth methods = winbind
ldap ssl = no
interfaces = eth0, lo
bind interfaces only = yes
socket options = TCP_NODELAY
log level = 20
log file = /var/log/samba3/log.%m
max log size = 50
client signing = yes
client schannel = no
client use spnego = yes
preferred master = no
local master = no
domain master = no
wins proxy = no
dns proxy = No
template shell = /bin/bash
nt acl support = yes
inherit permissions = yes
create mask = 0775
template homedir = /home/%U
winbind uid = 1000-2000000
winbind gid = 500-2000000
winbind separator = /
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
winbind offline logon = true
winbind nss info = sfu
idmap uid = 1000-2000000
idmap gid = 500-2000000
idmap domains = THEDOMAIN
idmap config THEDOMAIN:backend = ad
idmap config THEDOMAIN:default = yes
idmap config THEDOMAIN:schema_mode = rfc2307
idmap config THEDOMAIN:range = 1000 - 300000000
printcap name = cups
printing = cups
load printers = yes
cups options = raw
print command =
lpq command = %p
lprm command =
[test]
comment = testing
browsable = yes
read only = yes
create mode = 0644
path = /home/jason
David Molina Cuevas wrote:
> Do you not get any result for a 'getent passwd', and yes for 'wbinfo -u' ?
> I think I had the same problem before, I'll try to remember it.
>
> David Molina
>
>
> On Tue, May 27, 2008 at 3:25 PM, Jason Gerfen <jason.gerfen at scl.utah.edu>
> wrote:
>
>> I can enumerate users and groups from the domain but I cannot authenticate
>> the users.
>>
>> Any help?
>>
>> --
>> Jas
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>
>
--
Jas
More information about the samba
mailing list